Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 19 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
19
Dung lượng
845 KB
Nội dung
ANDROID™ OS Security A brief synopsis of the Android Operating System and its security Phạm Thành Viên Nguyễn Đăng Trọng Nguyễn Minh Đức 51003959 51003622 51000746 The ANDROID™ OS • History • • • Google acquires mobile software startup Android™ in 2005 Open Handset Alliance officially starts on November 5th, 2007 Android™ 1.0 source and SDK released in Fall 2008 (http://www.android.com/timeline.html) The ANDROID™ OS • Versions • 1.0 September 2008 •1.1 February 2009 •1.5 (Cupcake) April 2009 •1.6 (Donut) September 2009 •2.0/2.1 (Éclair) October 2009 •2.2 (Froyo) May 2010 •2.3 (Gingerbread) December 2010 •3.0/1 (Honeycomb) February/May 2011 •3.2.x July/Sept/Aug/Dec 2011, 3.2.6 Feb 2012 •4.0.x (Ice Cream Sandwich) Oct, Nov, Dec 2011, March 2012 The ANDROID™ OS • System Architecture • • • Linux Version 2.6 or 3.0.1 Davlik Virtual Machine (VM) Application Framework The ANDROID™ OS http://developer.android.com/images/system-architecture.jpg The ANDROID™ OS • Applications • • • • • Applications are written in Java or Python Applications are run on the Davlik Virtual Machine Development done in the Android™ SDK Development is open to all User driven Android™ Market ANDROID™ Security • Security triad applicability • • • Confidentiality Integrity Availability ANDROID™ Security • Android Security • • Relies on security of it’s foundations; Linux, Davlik, and Java Security Goal: “A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user.” ANDROID™ Security • Enforcement strategy • • • Application signing and certification Linux user name base access restriction Capability permissions ANDROID™ Security • Application Sandboxes • • All Applications run as their own Linux user Several Inter-Process Communication methods: – – – – – • Activities Services BroadcastReceiver ContentProvider Intent Applications utilize a capability like model to protect the system and the user ANDROID™ Security • Android™ Capabilities and Permissions • • • • Capabilities default to safe state Must be explicitly defined to enable capabilities Permissions are static on install Users have open view of permissions ANDROID™ Security http://developer.android.com/reference/android/Manifest.permission.html http://www.simplehelp.net/images/quick_gps/img06.png ANDROID™ Security • Security Concerns for developers • • • Protect your application, use least privilege principle If you expose, mediate IPCs Provide maximum availability – Minimize memory footprint – Minimize battery usage ANDROID™ Security • Security Concerns for users • Do your research – – – – Read reviews Analyze capabilities/permissions before installing Use Common sense http://www.downloadsquad.com/2010/06/28/understa nding-the-android-market-security-system/ ANDROID™ Security • Security Analysis • • • Mediation Verifiability Integrity of TCB ANDROID™ Security • Principles of Secure Design – – – – – – – – – Least Privilege Fail Safe Defaults Economy of Mechanism Complete Mediation Defense in depth Open Design Separation of Privilege Least Common Mechanism Psychological Acceptability Conclusion • • • Secure architecture Reliance on trust As with all things, use your head References Burns, Jesse “Mobile Application Security on Android.” blackhat.com June 2009 Web 27 July 2010 Android Developers, “Security and Permissions.” developer.android.com 26 July 2010 Web 27 July 2010 Android (operating system) Wiki Elgin, Ben “Google Buys Android for Its Mobile Arsenal” businessweek.com 17 August 2005 Web 27 July 2010 Portions of this presentation are reproduced from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License The End Thank you ! [...]... Application Security on Android. ” blackhat.com June 2009 Web 27 July 2010 Android Developers, Security and Permissions.” developer .android. com 26 July 2010 Web 27 July 2010 Android (operating system) Wiki ... footprint – Minimize battery usage ANDROID Security • Security Concerns for users • Do your research – – – – Read reviews Analyze capabilities/permissions before installing Use Common sense http://www.downloadsquad.com/2010/06/28/understa nding-the -android- market -security- system/ ANDROID Security • Security Analysis • • • Mediation Verifiability Integrity of TCB ANDROID Security • Principles of Secure.. .ANDROID Security • Android Capabilities and Permissions • • • • Capabilities default to safe state Must be explicitly defined to enable capabilities Permissions are static on install Users have open view of permissions ANDROID Security http://developer .android. com/reference /android/ Manifest.permission.html http://www.simplehelp.net/images/quick_gps/img06.png ANDROID Security • Security. .. Web 27 July 2010 Android (operating system) Wiki Elgin, Ben “Google Buys Android for Its Mobile Arsenal” businessweek.com 17 August 2005 Web 27 July 2010 Portions of this presentation are reproduced